A thematic review report on cyber risks was published by the Dubai Financial Services Authority (DFSA) which highlights various significant opportunities for operational risk management practices of firms operating in the Dubai International Financial Centre (DIFC).
The Cyber Thematic Review which was launched in July 2019 to understand the overall maturity level of cybersecurity programs of firms authorized by the DFSA assesses cyber-risk governance frameworks, cyber-hygiene practices, and resilience (incident preparedness) programs.
Conducted in two phases, the review first carried out a questionnaire seeking high-level information on each authorized firm’s cybersecurity practices and follows up with desk-based reviews and onsite visits to selected firms representing a range of business models and financial services activities.
A significant number of firms had either not implemented a comprehensive cyber risk management framework or performed only a limited cyber risk assessment, the comprehensive review revealed.
The results highlight that several firms, particularly smaller ones, did not ensure encryption on devices to protect sensitive data. The most notable finding on the resilience of firms towards cyberattacks shows that at least 50 percent of them did not have a continuous identification and response capability for managing cyber incidents.
Even though it didn’t fall into the preview of the review, the new remote working protocols established in 2020 has also introduced new cyber risk vulnerabilities that need to be addressed by the financial services industry.
“Enhancing the cyber resilience of our regulated population is one of our key priorities. Over the past two years, we have steadily increased our supervisory focus on cyber risk. We are constantly engaging with firms in the DIFC to ensure they have sufficient safeguards in place to shield against cyber threats as well as effective processes to respond to and recover from a successful attack. Our focus also includes support for the development of industry-level guidance on cyber-risk management practices. These intensified efforts support the UAE Cybersecurity Strategy and the Dubai Cybersecurity Strategy and are designed to strengthen the cybersecurity environment in the DIFC.”
As part of its efforts to strengthen DIFC’s cyber-resilience, DFSA launched its cyber threat intelligence platform, DFSA TIP, in January 2020. DFSA TIP strives to promote the development of a community of information sharing amongst financial services firms.